java - Tomcat - Understanding CredentialHandler

Question

I need to use Container Managed Security and Authentication in my latest project. And I have a couple of queries regarding how to configure a Credential Handler.

1. Firstly how will a CredentialHandler declaration look like ? Can someone provide a sample declaration of the NestedCredentialHandler with the algorithm attribute declared. I need to know since the Digest attribute in Realms has become deprecated. I didn't find any examples on the web and I am utterly confused.
2. Whats the difference between MessageDigestCredentialHandler and SecretKeyCredentialHandler which one is more secure ?
3. SecretKeyCredentialHandler specifies only one algorithm in the documentation which is PBKDF2WithHmacSHA1. What other algorithms are available ?

Answer 1

To answer the first point, here's a comparison of the <Realm> from my context.xml before and after the switch to Tomcat 8:

Before:

<Realm className="org.apache.catalina.realm.DataSourceRealm"
       dataSourceName="jdbc/myDataSource"  
       roleNameCol="role" userCredCol="password" userNameCol="loginid" 
       digest="md5" 
       userRoleTable="userroles" userTable="users" 
       localDataSource="true" />

After:

<Realm className="org.apache.catalina.realm.DataSourceRealm" 
       dataSourceName="jdbc/myDataSource" 
       roleNameCol="role" userCredCol="password" userNameCol="loginid"      
       userRoleTable="userroles" userTable="users" localDataSource="true">
       <CredentialHandler
          className="org.apache.catalina.realm.MessageDigestCredentialHandler"     
 algorithm="md5" />
</Realm>